vps-1c473bcd.vps.ovh.net
51.195.149.12
Malicious Activity! (Public Scan)
Effective URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Submission Tags: 6797240
Submission: On October 05 via api from US
Summary
This is the only time vps-1c473bcd.vps.ovh.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 166.62.10.186 | 26496 (AS-26496-GO-DADDY-COM-LLC)
9 (1 redirect) | 51.195.149.12 | 16276 (OVH)
1 | 2a00:1450:4001:803::200a | 15169 (GOOGLE)
1 | 2606:4700:20::ac43:4739 | 13335 (CLOUDFLARENET)
1 | 67.202.94.94 | 32748 (STEADFAST)
12 | 6 |
166.62.10.186: ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), PTR ip-166-62-10-186.ip.secureserver.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 (1 redirect) | ovh.net | vps-1c473bcd.vps.ovh.net | 73 KB
1 | amung.us | whos.amung.us | 210 B
1 | waust.at | waust.at | 8 KB
1 | googleapis.com | ajax.googleapis.com | 30 KB
1 | difpt.org | difpt.org | 337 B
12 | 5 | |
Requests | Domain | Requested by
---|---|---
9 (1 redirect) | vps-1c473bcd.vps.ovh.net | vps-1c473bcd.vps.ovh.net
1 | whos.amung.us | waust.at
1 | waust.at | vps-1c473bcd.vps.ovh.net
1 | ajax.googleapis.com | vps-1c473bcd.vps.ovh.net
1 | difpt.org | (none: initial navigation)
12 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
difpt.org | Sectigo RSA Domain Validation Secure Server CA | 2020-06-23 - 2022-09-25 | 2 years | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months | crt.sh
No certificate is listed for vps-1c473bcd.vps.ovh.net itself: the sign-in page and every resource on that host were fetched over plain HTTP (H/1.1), so only the referring site difpt.org and the Google CDN host appear with certificates.
This page contains 1 frame:
Primary Page: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: B310BF0C1D9CC0F0F343E697883F11DE
Requests: 14 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://difpt.org/admin/ (Page URL)
- http://vps-1c473bcd.vps.ovh.net/ (Page URL)
- http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/ -> HTTP 302 -> http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 (Page URL)
The scan started at difpt.org/admin/, a different registrable domain, from which the browser moved to the OVH VPS; the VPS then answered /.outlook.ch/connect/ with a 302 to login.php, whose query string copies the parameters of the genuine Microsoft consumer sign-in flow (wa=wsignin1.0, rpsnv, wreply pointing at outlook.live.com, cobrandid).
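The lookalike sign-in URL and the chain above can be scored offline. What follows is an added example, not part of the urlscan report and not urlscan's own code: it parses the effective URL, flags Microsoft sign-in query parameters on a host that is not a Microsoft login host, inspects the wreply return target, flags a hostname-looking brand directory in the path (the /.outlook.ch/ component), and walks the four-step chain for hops between unrelated registrable domains. The phishing URL and the chain are copied from the report; the allow-list of Microsoft login hosts, the brand-word list, the control URL and the naive apex-domain helper are assumptions chosen for illustration.

```python
"""Heuristics for a Microsoft-login lookalike URL and the chain that led to it.

Added example, not part of the urlscan report. The phishing URL and the chain
are copied from the report; MS_LOGIN_HOSTS, BRAND, LEGIT_URL and apex() are
assumptions for illustration.
"""
import re
from urllib.parse import urlparse, parse_qs, unquote

# Assumption: hosts that legitimately serve the wsignin1.0 / rpsnv / wreply flow.
MS_LOGIN_HOSTS = {"login.live.com", "login.microsoftonline.com", "account.live.com"}
# Query keys characteristic of the Microsoft consumer sign-in flow (all present in the report URL).
MS_LOGIN_PARAMS = {"wa", "rpsnv", "wreply", "wp", "rver", "cobrandid"}
# Assumption: brand words that should not appear as a hostname-like path directory.
BRAND = re.compile(r"\b(?:outlook|microsoft|office|live|hotmail)\b", re.I)

# Copied from the report.
PHISH_URL = ("http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0"
             "&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2f"
             "outlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d"
             "622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1"
             "&fl=dob%2cflname%2cwld&cobrandid=90015")
CHAIN = ["https://difpt.org/admin/",
         "http://vps-1c473bcd.vps.ovh.net/",
         "http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/",
         PHISH_URL]
# Constructed control: the same kind of parameters on the real sign-in host.
LEGIT_URL = ("https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&wp=MBI_SSL"
             "&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f&cobrandid=90015")


def analyse_login_url(url: str) -> dict:
    """Return the host, a list of findings and a verdict for one URL."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    qs = parse_qs(p.query)
    findings = []

    mimicked = MS_LOGIN_PARAMS & set(qs)
    if host not in MS_LOGIN_HOSTS and len(mimicked) >= 3:
        findings.append("Microsoft sign-in parameters (%s) on non-Microsoft host %s"
                        % (", ".join(sorted(mimicked)), host))

    # wreply is where the genuine flow returns the user; a lookalike URL usually
    # copies the whole query string, wreply included, so the value still names
    # a Microsoft property while the form itself sits elsewhere.
    for target in qs.get("wreply", []):
        th = (urlparse(unquote(target)).hostname or "").lower()
        if host not in MS_LOGIN_HOSTS and th.endswith(("live.com", "microsoft.com", "office.com")):
            findings.append("wreply points at %s while the form is hosted on %s" % (th, host))

    # A hostname-looking directory carrying a brand word, e.g. /.outlook.ch/
    for seg in p.path.split("/"):
        s = seg.lower().strip(".")
        if "." in s and BRAND.search(s):
            findings.append("brand-lookalike path component %r" % seg)

    if p.scheme == "http" and mimicked:
        findings.append("sign-in flow served over plain HTTP")

    return {"host": host, "findings": findings, "suspicious": len(findings) >= 2}


def apex(host: str) -> str:
    """Naive registrable domain: the last two labels (assumption; use a PSL library in production)."""
    return ".".join(host.rsplit(".", 2)[-2:])


def analyse_chain(chain: list) -> list:
    """Flag every hop of a redirect chain that crosses to a different registrable domain."""
    hosts = [(urlparse(u).hostname or "").lower() for u in chain]
    return ["cross-domain hop %s -> %s" % (a, b)
            for a, b in zip(hosts, hosts[1:]) if apex(a) != apex(b)]


if __name__ == "__main__":
    for url in (PHISH_URL, LEGIT_URL):
        r = analyse_login_url(url)
        print(r["host"], "suspicious" if r["suspicious"] else "clean", *r["findings"], sep="\n  ")
    print(*analyse_chain(CHAIN), sep="\n")
```

On the report's URL all four checks fire, while the constructed login.live.com control produces none; the chain walk reports only the difpt.org to OVH hop, because the later steps stay on the same VPS hostname.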
Detected technologies
- Bootstrap (Web Frameworks). Detected patterns:
  - html: /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  - script: /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
- Apache (Web Servers). Detected patterns:
  - headers (server): /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script: /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
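The three patterns above are the whole basis for the technology verdict, and they can be re-run locally. Below is an added example, not urlscan's or Wappalyzer's code, that applies those regexes to HTML and headers constructed to mirror the report's request log. The Server header value is invented because the report does not expose the response headers, and the extra path-based jQuery pattern is an assumption added to show a gap: the report's own jQuery pattern only reads a ?ver= query parameter, so the 3.3.1 visible in the ajax.googleapis.com path is never captured, and the second, unversioned js/jquery.min.js copy is only visible if you list every match rather than one verdict per technology.

```python
"""Wappalyzer-style technology fingerprinting with the patterns the report lists.

Added example, not code from urlscan or Wappalyzer. The three regexes are the
ones shown in the report; SAMPLE_HTML is constructed to mirror the report's
request log, SAMPLE_HEADERS is invented, and JQUERY_PATH_VERSION is an
assumption added to show what the report's jQuery pattern misses.
"""
import re
from html.parser import HTMLParser

PATTERNS = {
    "Bootstrap": {
        "html": re.compile(r'<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css', re.I),
        "script": re.compile(r'(?:/([\d.]+))?(?:/js)?/bootstrap(?:\.min)?\.js', re.I),
    },
    "Apache": {
        "headers": {"server": re.compile(r'(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)', re.I)},
    },
    "jQuery": {
        "script": re.compile(r'jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?', re.I),
    },
}
# Assumption (not in the report): read the version out of a CDN path such as /jquery/3.3.1/.
JQUERY_PATH_VERSION = re.compile(r'/jquery/([\d.]+)/jquery(?:\.min)?\.js', re.I)

# Constructed to match the script and stylesheet URLs in the report's request log.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/validate.js"></script>
</head><body></body></html>"""
SAMPLE_HEADERS = {"Server": "Apache/2.4.41 (Ubuntu)", "Content-Type": "text/html"}  # invented


class _ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.scripts.append(src)


def script_sources(html: str) -> list:
    p = _ScriptSources()
    p.feed(html)
    return p.scripts


def fingerprint(html: str, headers: dict) -> dict:
    """Return {technology: version or None} for every technology with at least one matching pattern."""
    scripts = script_sources(html)
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = {}
    for tech, rules in PATTERNS.items():
        matches = []
        for kind, rule in rules.items():
            if kind == "html":
                candidates = [rule.search(html)]
            elif kind == "script":
                candidates = [rule.search(src) for src in scripts]
            else:  # "headers": {header-name: regex}
                candidates = [rx.search(hdrs.get(name, "")) for name, rx in rule.items()]
            matches += [m for m in candidates if m]
        for m in matches:
            version = m.group(1) if m.re.groups else None
            found[tech] = found.get(tech) or version   # keep the first version seen
    return found


def jquery_versions(html: str) -> list:
    """One entry per script the report's jQuery pattern matches, with the version if it
    can be read from ?ver= (the report's pattern) or from the CDN path (the extra one)."""
    out = []
    for src in script_sources(html):
        m = PATTERNS["jQuery"]["script"].search(src)
        if m:
            path = JQUERY_PATH_VERSION.search(src)
            out.append(m.group(1) or (path.group(1) if path else None))
    return out


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HTML, SAMPLE_HEADERS))
    print(jquery_versions(SAMPLE_HTML))
```

fingerprint() reproduces the report's three verdicts, with a version only for Apache (from the invented header); jquery_versions() returns two entries, 3.3.1 for the CDN copy and None for the local one, which is the detail a one-verdict-per-technology view hides.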
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 1
Redirected requests
There were HTTP redirect chains for the following requests:
- http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/ -> HTTP 302 -> http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php (the primary request, with the sign-in query string shown above)
12 HTTP transactions (the frame made 14 requests; the two data: URLs below involve no network transfer)
# | Method | Protocol | Resource | Size | Transfer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
1 | GET | H2 | difpt.org/admin/ | 228 B | 337 B | Document | text/html | initial navigation
2 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/ | 211 B | 591 B | Document | text/html | cookie set
3 | GET | H2 | ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 85 KB | 30 KB | Script | text/javascript |
4 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php | 2 KB | 1 KB | Document | text/html | primary request; end of the redirect chain (HTTP 302 from /.outlook.ch/connect/)
5 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/bootstrap.min.css | 118 KB | 20 KB | Stylesheet | text/css |
6 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/style.css | 9 KB | 3 KB | Stylesheet | text/css |
7 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/jquery.min.js | 95 KB | 33 KB | Script | application/javascript |
8 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/bootstrap.min.js | 36 KB | 10 KB | Script | application/javascript |
9 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/validate.js | 318 B | 545 B | Script | application/javascript |
10 | GET | H/1.1 | waust.at/d.js | 13 KB | 8 KB | Script | application/x-javascript |
11 | GET | DATA | data: URL (truncated) | 2 KB | 0 | Image | image/svg+xml |
12 | GET | H/1.1 | vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/img/microsoft_logo.svg | 4 KB | 4 KB | Image | image/svg+xml |
13 | GET | H/1.1 | whos.amung.us/pingjs/ | 28 B | 210 B | Script | text/javascript |
14 | GET | DATA | data: URL (truncated) | 3 KB | 0 | Image | image/png |
Size is the decoded body size; Transfer is the number of bytes moved on the wire (compressed body plus headers), which is why tiny responses such as validate.js show a transfer larger than their size.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Microsoft (Consumer)

22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object trustedTypes
- function $
- function jQuery
- object jQuery112402330520024923468
- function validateLogin
- object _wau
- string wau_w_col
- string wau_w_siz
- object WAU_ren
- function WAU_dynamic
- function WAU_dynamic_request
- function WAU_r_d
- function WAU_insert
- function WAU_la
- function WAU_addCommas
- function WAU_lrd
- function WAU_lrs
- function WAU_cps
- function docReady
- object x
- string x1
- string x21
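The globals above fall into three groups: the jQuery names, the WAU_/wau_ names set by the whos.amung.us visitor counter loaded from waust.at/d.js, and the remainder (validateLogin, docReady, x, x1, x21), which no third-party resource in the request log accounts for and which are most plausibly the kit's own script (validate.js is the only first-party script not otherwise explained). The jQuery expando is built as "jQuery" plus the version concatenated with Math.random(), non-digits stripped, so its leading digits 1124 are consistent with jQuery 1.12.4 rather than the 3.3.1 fetched from ajax.googleapis.com; that points to a second, older copy being the one that ran last (the locally hosted js/jquery.min.js is the obvious candidate, though the report does not confirm it). The following added example, not urlscan code, performs that attribution; the 22 names are copied from the report, while the owner labels and the candidate version list are assumptions.

```python
"""Attribute the window globals listed in the report to the scripts that set them.

Added example, not urlscan code. REPORT_GLOBALS is copied from the report;
JQUERY_CANDIDATES, BROWSER_BUILTINS and the owner labels are assumptions.
"""
import re

# Copied from the report, in the order urlscan lists them.
REPORT_GLOBALS = [
    "trustedTypes", "$", "jQuery", "jQuery112402330520024923468", "validateLogin",
    "_wau", "wau_w_col", "wau_w_siz", "WAU_ren", "WAU_dynamic", "WAU_dynamic_request",
    "WAU_r_d", "WAU_insert", "WAU_la", "WAU_addCommas", "WAU_lrd", "WAU_lrs", "WAU_cps",
    "docReady", "x", "x1", "x21",
]
# Assumption: a short list of jQuery releases to test the expando against.
JQUERY_CANDIDATES = ["1.11.3", "1.12.4", "2.2.4", "3.3.1", "3.5.1", "3.6.0"]
BROWSER_BUILTINS = {"trustedTypes"}   # exposed by the browser, not by the page
WAU_OWNER = "whos.amung.us counter (waust.at/d.js)"
PAGE_OWNER = "page script (unattributed)"


def jquery_expando_versions(name: str, candidates: list) -> list:
    """jQuery names its per-instance expando "jQuery" + (version + Math.random())
    with every non-digit removed, so the digits after "jQuery" begin with the
    version's digits followed by the leading "0" of Math.random()'s "0.xxxx".
    Return every candidate version consistent with the name."""
    m = re.fullmatch(r"jQuery(\d+)", name)
    if not m:
        return []
    digits = m.group(1)
    return [v for v in candidates if digits.startswith(v.replace(".", "") + "0")]


def owner_of(name: str, candidates: list) -> str:
    """Best-effort owner label for one global name."""
    if name in BROWSER_BUILTINS:
        return "browser built-in"
    if name in ("$", "jQuery"):
        return "jQuery"
    if name.startswith("jQuery"):
        versions = jquery_expando_versions(name, candidates) or ["unknown version"]
        return "jQuery expando (%s)" % ", ".join(versions)
    if name.lower().lstrip("_").startswith("wau"):
        return WAU_OWNER
    return PAGE_OWNER


def attribute_globals(names: list, candidates: list = JQUERY_CANDIDATES) -> dict:
    """Group the names by attributed owner, preserving the report's order within each group."""
    groups = {}
    for n in names:
        groups.setdefault(owner_of(n, candidates), []).append(n)
    return groups


if __name__ == "__main__":
    for owner, names in attribute_globals(REPORT_GLOBALS).items():
        print("%-40s %s" % (owner, ", ".join(names)))
```

The version check deliberately returns every candidate whose digits fit, because the digit string alone cannot distinguish, say, 1.12.4 from a hypothetical 11.2.4; restricting the candidates to releases that actually exist is what removes the ambiguity.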
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
vps-1c473bcd.vps.ovh.net/ | | PHPSESSID | t4oe1t1k0fk2bgg5u4rssbpqo5
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
difpt.org
vps-1c473bcd.vps.ovh.net
waust.at
whos.amung.us
166.62.10.186
2606:4700:20::ac43:4739
2a00:1450:4001:803::200a
51.195.149.12
67.202.94.94